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IN THE CLAIMS: 



1 1 . (Original) A method for generating lookup tables and a final equivalence set for use in 

2 classifying a network packet in accordance with a policy that specifies one or more 

3 classes, each class containing one or more match statements, the match statements being 

4 one of a stand-alone matching rule and a matching rule in an access control list (ACL) 

5 defining one or more matching rules, the method comprising the steps of: 

6 generating a super class that contains all of the matching rules associated with the 

7 classes specified by the policy; and 

8 converting the matching rules of the super class into a single, hierarchical ar- 

9 rangement of lookup tables and associated equivalence sets, the hierarchical arrangement 



10 having a plurality of levels including a first level and a final level, the final equivalence 

i i set being associated with the final level. 

1 2. (Original) The method of claim 1 wherein the step of generating a super class com- 

2 prises the step of: 



3 saving class information associated with each class. 

1 3. (Original) The method of claim 2 wherein the class information includes for each 

2 class: 

3 a class name that identifies the class; 

4 a class criterion associated with the class; and 

5 a bitmap representing the matching rules associated with the class. 

1 4. (Original) The method of claim 1 wherein the network packet is organized into a plu- 

2 rality of sections and the step of converting comprises the steps of: 

3 generating a first-level lookup table and a first-level equivalence set for each net- 

4 work packet section using the matching rules of the super class; 



2 



PATENTS 
112025-0489 
CPOL# 139761 Seq.#4885 



5 merging the first-level equivalence sets to produce one or more next-level lookup 

6 tables and next-level equivalence sets; and 

7 merging the equivalence sets for each level to produce one or more next-level 

8 lookup tables and next-level equivalence sets until the lookup table associated with final 

9 level is produced. 

1 5. (Original) The method of claim 4 wherein each network packet section is associated 

2 with a value and the step of generating the first-level lookup tables and first-level equiva- 

3 lence sets comprises the steps of: 

4 creating a bitmap that represents the matching rules associated with a respective 

5 network packet section's value; 

6 determining if the bitmap matches an entry in the first-level equivalence set and, 

7 if so, assigning an equivalence set index value associated with the matching entry to the 

8 bitmap, otherwise, assigning a new equivalence set index value to the bitmap and placing 

9 the bitmap in the equivalence set; and 

10 associating the equivalence set index value with the first-level lookup table entry 



n associated with the respective network packet section's value. 

1 6. (Original) The method of claim 4 wherein the step of merging the equivalence sets 

2 for each level to produce one or more next-level lookup tables and next-level equivalence 

3 sets, comprises the steps of: 



4 a) calculating the cross-product of a first bitmap associated with a first equiva- 

5 lence set and a second bitmap associated with a second equivalence set to produce a third 

6 bitmap; 

7 b) determining if the third bitmap matches an entry in the next-level equivalence 

8 set and, if so, assigning an equivalence set index value associated with the matching entry 

9 to the third bitmap, otherwise, assigning a new equivalence set index value to the third 

10 bitmap and placing the third bitmap in the equivalence set; 
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1 i c) associating a next-level lookup table entry with the equivalence set index value; 

12 and 

13 d) repeating steps a through c for all entries in the first equivalence set and all the 
H entries in the second equivalence set. 

1 7. (Original) The method of claim 1 further comprising the step of: 

2 associating each entry in the final equivalence set with one or more classes. 

1 8. (Original) The method of claim 1 further comprising the step of: 

2 transferring the lookup tables and final equivalence set to a network device that 

3 performs packet classification. 



1 9. (Original) A method for generating lookup tables, a final equivalence set and a re- 

2 suits table for use in classifying a network packet in accordance with one or more match 

3 statements, the match statements being one of a stand-alone matching rule and a match- 

4 ing rule in an access control list (ACL) defining one or more matching rules, the method 



5 comprising the steps of: 

6 generating a super class that contains all of the matching rules; 

7 converting the matching rules of the super class into a single, hierarchical ar- 

8 rangement of lookup tables and equivalence sets, the hierarchical arrangement having a 

9 plurality of levels including a first level and a final level, the final equivalence set being 

10 associated with the equivalence set of the final level; and 

i i generating the results table from the entries in the final equivalence set. 

1 10. (Original) The method of claim 9 wherein each entry in the final equivalence set is 

2 associated with an equivalence set index value and the step of generating the results table 

3 from the entries in the final equivalence set, comprises the step of: 

4 associating the equivalence set index value with a result associated with the 

5 packet. 
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1 11. (Original) The method of claim 9 further comprising the step of: 

2 transferring the lookup tables and final equivalence set to a network device that 

3 performs packet classification. 

1 12. (Original) A method for classifying a network packet in accordance with a policy 

2 that specifies one or more classes, each class containing one or more match statements, 

3 the match statements being one of a stand-alone matching rule and a matching rule in an 

4 access control list (ACL) defining one or more matching rules, the method comprising 

5 the steps of: 

6 generating a super class that contains all of the matching rules; 

7 saving class information associated with each class; 

1 converting the matching rules of the super class into a single, hierarchical ar- 

2 rangement of lookup tables and associated equivalence sets, the hierarchical arrangement 

3 having a plurality of levels including a first level and a final level, a final equivalence set 

4 being associated with the final level; 

5 applying the network packet to the lookup tables to generate an outcome index; 

6 applying the outcome index to the final equivalence set to generate a bitmap 

7 value; and 

8 associating the bitmap value with the saved class information to determine one or 

9 more classes associated with the network packet. 

1 13. (Original) The method of claim 12 further comprising the step of: 

2 dividing the network packet into a plurality of sections. 

1 14. (Original) A method for classifying a network packet in accordance with one or more 

2 match statements, the match statements being one of a stand-alone matching rule and a 

3 matching rule in an access control list (ACL) defining a plurality of matching rules, the 

4 method comprising the steps of: 
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5 generating a super class that contains all of the matching rules; 

6 converting the matching rules of the super class into a single, hierarchical ar- 

7 rangement of lookup tables, the hierarchical arrangement having a plurality of levels in- 

8 eluding a first level and a final level, a final equivalence set being associated with the fi- 

9 nal level; 

10 generating a results table from entries in the final equivalence set; 

i i applying the network packet to the lookup tables to generate an outcome index; 

12 and 

0 applying the outcome index to the results table to determine a result that applies to 
14 the network packet. 

1 15. (Original) The method of claim 14 wherein the result is a pointer to a class associated 

2 with the network packet. 

1 16. (Original) The method of claim 14 wherein the result is a pointer to a matching rule 

2 associated with the network packet. 

1 17. (Original) The method of claim 14 further comprising the step of: 

2 dividing the network packet into a plurality of sections. 

1 18. (Original) An apparatus for generating lookup tables and a final equivalence set for 

2 use in classifying a network packet in accordance with a policy having one or more 

3 classes, each class containing one or more match statements, the match statements being 

4 one of a stand-alone matching rule and a matching rule in an access control list (ACL) 

5 defining one or more matching rules, comprising: 

6 a processor; 

7 a memory coupled to the processor; and 

8 means for generating a super class that contains all of the matching rules associ- 

9 ated with the classes; 
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10 whereby the processor is configured to a) convert the matching rules of the super 

n class into a single, hierarchical arrangement of lookup tables and equivalence sets, the 

12 hierarchical arrangement having a plurality of levels including a first level and a final 

13 level, the final equivalence set being associated with the final level and b) place the 

14 lookup tables and final equivalence set in the memory. 

1 19. (Original) The apparatus of claim 18 further comprising: 

2 a content-addressable memory (CAM); 

3 whereby the processor is configured to place the lookup tables in the CAM. 

1 20. (Original) An apparatus for generating lookup tables, a final equivalence set and a 

2 results table for use in classifying a network packet in accordance with one or more 

3 match statements, the match statements being one of a stand-alone matching rule and a 

4 matching rule in an access control list (ACL) defining a plurality of matching rules, com- 

5 prising: 



6 a processor; 

7 a memory coupled to the processor; and 

8 means for generating a super class that contains all of the matching rules; 

9 whereby the processor is configured to a) convert the matching rules of the super 



10 class into a single, hierarchical arrangement of lookup tables and equivalence sets, the 

1 1 hierarchical arrangement having a plurality of levels including a first level and a final 

12 level, the final equivalence set being associated with the final level, b) place the lookup 

13 tables and final equivalence set in the memory, and c) generate the results table from en- 
H tries in the final equivalence set. 

1 21. (Original) The apparatus of claim 20 further comprising: 

2 a content-addressable memory (CAM); 

3 whereby the processor is configured to place the lookup tables in the CAM. 
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22. (Original) A network device for classifying a network packet in accordance with a 
policy having one or more classes, each class containing one or more match statements, 
the match statements being one of a stand-alone matching rule and a matching rule in an 
access control list (ACL) defining a plurality of matching rules, the network device com- 
prising: 

means for generating a super class that contains all of the matching rules associ- 
ated with the classes; 

means for saving class information associated with each class; 
means for converting the matching rules of the super class into a single, hierarchi- 
cal arrangement of lookup tables and equivalence sets, the hierarchical arrangement hav- 
ing a plurality of levels including a first level and a final level, a final equivalence set be- 
ing associated with the final level; 

means for applying the network packet to the lookup tables to generate an out- 
come index; 

means for applying the outcome index to the final equivalence set to generate a 
bitmap value; and 

means for associating the bitmap value with the saved class information to deter- 
mine one or more classes associated with the network packet. 

23. (Original) A network device for classifying a network packet in accordance with one 
or more match statements, the match statements being one of a stand-alone matching rule 
and a matching rule in an access control list (ACL) defining a plurality of matching rules, 
the network device comprising: 

means for generating a super class that contains all of the matching rules; 

means for converting the matching rules of the super class into a single, hierarchi- 
cal arrangement of lookup tables and equivalence sets, the hierarchical arrangement hav- 
ing a plurality of levels including a first level and a final level, a final equivalence set be- 
ing associated with the final level; 

means for generating a results table from entries in the final equivalence set; 
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1 i means for applying the network packet to the lookup tables associated with the 

12 first level to generate an outcome index; and 

13 means for applying the outcome index to the results table to determine a result 

14 that applies to the network packet. 

1 24. (Currently Amended) A computer readable media comprising: 

2 the computer readable media containing computer executable instructions for 



3 execution in a processor for the practice of th e m e thod of claim 1 generating lookup ta- 

4 bles and a final equivalence set for use in classifying a network packet in accordance with 

5 a policy that specifies one or more classes, each class containing one or more match 

6 statements, the match statements being one of a stand-alone matching rule and a match- 

7 ing rule in an access control list (ACL) defining one or more matching rules, comprising. 



8 generating a super class that contains all of the matching rules associated with the 

9 classes specified by the policy; and 

10 converting the matching rules of the super class into a single, hierarchical ar- 

n rangement of lookup tables and associated equivalence sets, the hierarchical arrangement 



12 having a plurality of levels including a first level and a final level, the final equivalence 

13 set being associated with the final level . 

1 25. (Currently Amended) A computer readable media comprising: 

2 the computer readable media containing computer executable instructions for execution 

3 in a processor for the practice of th e m e thod of claim 9 generating lookup tables, a final 

4 equivalence set and a results table for use in classifying a network packet in accordance 

5 with one or more match statements, the match statements being one of a stand-alone 

6 matching rule and a matching rule in an access control list (ACL) defining one or more 

7 matching rules, comprising, 

8 generating a super class that contains all of the matching rules; 

9 converting the matching rules of the super class into a single, hierarchical ar- 

10 rangement of lookup tables and equivalence sets, the hierarchical arrangement having a 
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plurality of levels including a first level and a final level, the final equivalence set being 
associated with the equivalence set of the final level; and 

generating the results table from the entries in the final equivalence set 

26. (Currently Amended) A computer readable media comprising: 

the computer readable media containing computer executable instructions for execution 
in a processor for the practice of th e m e thod of claim 12 classifying a network packet in 
accordance with a policy that specifies one or more classes, each class containing one or 
more match statements, the match statements being one of a stand-alone matching rule 
and a matching rule in an access control list (ACL) defining one or more matching rules, 
comprising, 

generating a super class that contains all of the matching rules; 
saving class information associated with each class; 

converting the matching rules of the super class into a single, hierarchical ar- 
rangement of lookup tables and associated equivalence sets, the hierarchical arrangement 
having a plurality of levels including a first level and a final level, a final equivalence set 
being associated with the final level; 

applying the network packet to the lookup tables to generate an outcome index; 

applying the outcome index to the final equivalence set to generate a bitmap 

value; and 

associating the bitmap value with the saved class information to determine one or 
more classes associated with the network packet . 

27. (Currently Amended) A computer readable media comprising: 

the computer readable media containing computer executable instructions for execution 
in a processor for the practice of th e m e thod of claim 1 4 classifying a network packet in 
accordance with one or more match statements, the match statements being one of a 
stand-alone matching rule and a matching rule in an access control list (ACL) defining a 
plurality of matching rules, comprising, 
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generating a super class that contains all of the matching rules: 

converting the matching rules of the super class into a single, hierarchical ar- 
rangement of lookup tables, the hierarchical arrangement having a plurality of levels in- 
cluding a first level and a final level, a final equivalence set being associated with the fi- 
nal level: 

generating a results table from entries in the final equivalence set: 

a pplying the network packet to the lookup tables to generate an outcome index: 

and 

applying the outcome index to the results table to determine a result that applies to 
the network packet . 
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Please add new claims 28 et al. 

28. (New) A method for generating lookup tables, the method comprising the steps of: 

generating a super class that contains a plurality of matching rules for sorting in- 
coming packets into classes; 

converting the plurality of matching rules of the super class into a single, hierar- 
chical arrangement of lookup tables and equivalence sets; and 

generating the lookup table in response to the hierarchical arrangement of lookup 
tables and equivalence sets. 

29. (New) The method of claim 28 further comprising the step of: 

transferring the lookup tables and the final equivalence set to a network device 
that performs packet classification. 

30. (New) An apparatus for generating lookup tables, comprising: 

means for generating a super class that contains a plurality of matching rules for 
sorting incoming packets into classes; 

means for converting the plurality of matching rules of the super class into a sin- 
gle, hierarchical arrangement of lookup tables and equivalence sets; and 

means for generating the lookup table in response to the hierarchical arrangement 
of lookup tables and equivalence sets. 

31. (New) The apparatus claim 30 further comprising: 

means for transferring the lookup tables and the final equivalence set to a network 
device that performs packet classification. 

32. (New) A system for generating lookup tables, comprising: 

a processor configured to generate a super class that contains a plurality of match- 
ing rules for sorting incoming packets into classes; 
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the processor farther configured to convert the plurality of matching rules of the 
super class into a single, hierarchical arrangement of lookup tables and equivalence sets; 

the processor further configured to generate the lookup table in response to the 
hierarchical arrangement of lookup tables and equivalence sets; and 

a memory coupled to the processor, the memory configured to store the lookup 

table. 

33. (New) A computer readable media comprising: 

the computer readable media containing computer executable instructions for execution 
in a processor for the practice of generating lookup tables, comprising, 

generating a super class that contains a plurality of matching rules for sorting in- 
coming packets into classes; 

converting the plurality of matching rules of the super class into a single, hierar- 
chical arrangement of lookup tables and equivalence sets; and 

generating the lookup table in response to the hierarchical arrangement of lookup 
tables and equivalence sets. 
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